
I have been using message digests, and I have seen them used sometimes with a salt:

        MessageDigest hasher = MessageDigest.getInstance("SHA-256"); // setup assumed; the post shows only the block below
        byte salt = 0;                  // a single byte here, since update(byte) is called and salt++ follows
        byte[] digest;
        synchronized (hasher) {
            hasher.update(salt);            // "Updates" the digest using the specified byte.
            salt++;
            digest = hasher.digest(data);   // Final "updates" on the digest using the specified array of bytes, then "completes" the digest computation.
        }

and sometimes without a salt:

 MessageDigest md = MessageDigest.getInstance("SHA-256"); // setup assumed
 md.update(data);
 byte[] toChapter1Digest = md.digest();

Now, when should I be using the digest with a salt, and when should I not? From brief research, I concluded that whenever a password element is involved, the salt is used.

JavaDeveloper

3 Answers


A message digest (also known as a "hash") is the output of a digest or cryptographic hash function, which is a one-way fixed-size-output compression function having the property that small changes to the input (message) result in large, unpredictable changes in the output digest. How to use such a function depends greatly on what you are trying to do with it.

The term "salt" refers to a small, random input to the hash function that is used to alter the state of the function prior to adding additional input that may be predictable in some way. This is a security mechanism that was developed for protecting passwords when using a message digest as a password verifier function. If a salt is not used, then any users having the same password will have the same password hash stored in the user database. Enormous efficient hash reversal tables ("rainbow tables") exist for the most common message digest functions used in this manner (MD5, NTLM password hash, etc.), and an attacker who obtains the database has only to perform a table lookup to obtain the plaintext password of every user. Using a salt prevents the generation of these tables, since each byte of salt results in a 256x size increase of the lookup table.

It's very important to note that a simple message digest with a salt is insufficient protection for password storage and verification. This is a complex problem, and solutions already exist that can properly resist attack: PBKDF2, bcrypt, scrypt, and others.

Similarly, verifying the proper transmission of a message requires the use of a more advanced cryptographic construction called a Hashed Message Authentication Code (HMAC). This is built on a message digest function, but uses a cryptographic key to guarantee not only the integrity of the protected message but also the authenticity of the message digest itself.

bonsaiviking
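As an added example (not code from the question or from any of the answers), the three cases the answer above contrasts, in Java: the same password run through a plain digest, through a digest with a per-user random salt, and through PBKDF2 as recommended for storage. The class and method names (SaltDemo, plainDigest, saltedDigest, pbkdf2) and the iteration count are my own choices.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltDemo {
    private static final SecureRandom RNG = new SecureRandom();

    // Plain digest: identical passwords give identical digests, so one precomputed
    // table (or one cracked user) covers every user with that password.
    static byte[] plainDigest(String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Salted digest: the salt is fed into the digest state before the password,
    // exactly as the update()/digest() pair in the question does.
    static byte[] saltedDigest(byte[] salt, String password) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(salt);
        return md.digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // What the answer recommends for password storage: PBKDF2 with a salt and
    // a deliberately high iteration count (200_000 here is an assumed value).
    static byte[] pbkdf2(byte[] salt, char[] password, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return f.generateSecret(spec).getEncoded();
    }

    // Fresh 16-byte random salt per stored password; it is stored alongside the hash.
    static byte[] newSalt() { byte[] s = new byte[16]; RNG.nextBytes(s); return s; }

    public static void main(String[] args) throws Exception {
        String pw = "correct horse"; // constructed sample password
        // Two accounts with the same password, no salt: same digest.
        System.out.println("plain equal:  " + MessageDigest.isEqual(plainDigest(pw), plainDigest(pw)));
        byte[] saltA = newSalt(), saltB = newSalt();
        // Same password, different salts: different digests, so no shared lookup table.
        System.out.println("salted equal: " + MessageDigest.isEqual(saltedDigest(saltA, pw), saltedDigest(saltB, pw)));
        // Verification: recompute with the stored salt and compare in constant time.
        byte[] stored = pbkdf2(saltA, pw.toCharArray(), 200_000);
        boolean ok = MessageDigest.isEqual(stored, pbkdf2(saltA, "correct horse".toCharArray(), 200_000));
        System.out.println("pbkdf2 verify: " + ok);
    }
}
```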

Use a salt to avoid brute force attacks against all passwords at once with rainbow tables. By adding a salt (and storing it with the password), you slow down rainbow table attacks by making the attacker calculate the hash for each stored password, rather than comparing to all of them at once.

Derek Williams

Your conclusion regarding its use with MessageDigest is correct: the salt (nonce), among other things, is used to protect against the use of rainbow tables to crack password hashes.

A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a plaintext password up to a certain length consisting of a limited set of characters. It is a practical example of a space/time trade-off, using less computer processing time and more storage than a brute-force attack which calculates a hash on every attempt, but more processing time and less storage than a simple lookup table with one entry per hash. Use of a key derivation function that employs a salt makes this attack infeasible.

See Wikipedia.

uraimo